If this week’s Heartbleed scare has left you daunted at the task of cleaning up your sloppy online security, you’re not alone.

The security management company LastPass estimates the average Internet user has 25 passwords. And many people break all the security rules and use the same password for more than one website. And if you start counting the number of sites you sign into - from your bank, to Facebook, to that online store where you bought a Christmas present three years ago - you could find you have 50 to 100 online accounts, and some people have many more.

Should you panic about Heartbleed?

If your password is Fluff1thec@t and you’ve used it on every site you’ve ever signed into, maybe you should skip tonight’s date and triage.

For the rest, the best advice I’ve heard comes from Mark Nunnikhoven, a vice-president with Trend Micro: “It’s no use stressing out over it.”

But, he added, there are things you can do that will take care of 80 to 90 per cent of your potential risk from Heartbleed.

With advice from Nunnikhoven and other experts, here is a consumer’s guide to staunching the Heartbleed.

1. Don’t forget your phone or tablet

Heartbleed isn’t just about websites on your PC. Close to half of all Canadians have smartphones and we’re on our way to having what Cisco estimates will be five devices each by 2017. Nunnikhoven warns your tablet or smartphone could be connecting to something that’s vulnerable online. Good news for Apple users: the company has said none of its services - its mobile iOS, desktop or Web services - were affected by Heartbleed. Nunnikhoven said Android phones that are less than two years old probably won’t have the issue but phones two years or older could. And for all phones and mobile devices, if you are signing in through a website and not an app, the same advice applies as for web services, so take precautions.

2. Check online accounts before you change passwords

If you use the same password on all your accounts, start changing them anyway because any one will give a hacker access to all your accounts. Otherwise, check to see if a website has been fixed. If it hasn’t been, you could change your password and a hacker could come along later and, unbeknownst to you, collect the new password.

3. But I have 147 accounts!

If you have dozens of accounts, this can be scary, but start with the most important — the email account you use to get password resets and other info that could give a hacker the keys to taking over your ID. Canadian banks and credit unions weren’t affected, but make sure you have a unique password for online banking and take advantage of the extra security tools that may be offered by your bank or credit union.

4. How do I check to see if a website has been affected?

There are several ways. The best websites notified you by email or on their website - the Canada Revenue Agency gets top marks for its immediate disclosure and action in shutting down vulnerable sites. There are online tools to check if a website is vulnerable and/or if it has been fixed. LastPass has a good one that tells you if a site was vulnerable and if it is now safe to change your password. Mashable is updating a list of major sites as news comes in. Google was and is fixed, LinkedIn wasn’t, Facebook fixed it before Heartbleed was made public. Full list here.

5. Does a company have to warn me if it has been affected?

If you live in Alberta, privacy laws provide for mandatory reporting of privacy breaches. In B.C., no. In Canada, amendments to privacy laws have been proposed in the Digital Privacy Act, Bill S-4, which provides for breach notification but also contains controversial amendments, which Michael Geist, who holds the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, warns “could massively expand warrantless disclosure of personal information.” In B.C., a legislative committee is reviewing the province’s privacy legislation. Breach disclosure was among the recommendations made by B.C.’s Privacy Commissioner Elizabeth Denham in 2008, the last time the law was reviewed by a legislative committee.

6. I can’t remember a different password for every account?

You don’t have to. That’s what password management tools are for. Plus they’ll generate those 12-character massively complex passwords that you could never remember but are way more secure than your pet’s name. There are a number of possibilities and you can check them out to see what best suits your needs - ease of use and availability on all your devices are key. Most are free, with paid versions for extra features like service for all your mobile devices. LastPass and KeePass will import from many of their competitors. Don’t Google for password management software. Better to go straight to a website you know or check CNET Reviews to make sure you’re not landing on a bogus website that will install malicious software on your computer.

7. Time for spring cleaning

Remember that one-time online purchase at Target from three years back? Well, when Target had a security breach, there went the credit card info you forgot Target even had. Go through every account you have, whether it’s a store you no longer shop at or an obscure social media network you never use any more, and take the steps necessary to close down your account.

8. Keep watch

Don’t wait for your credit card bill or bank statement to arrive. Keep a check on your accounts online for suspicious activity. The same for your email and social media accounts. If friends start questioning your spammy Facebook posts, chances are you’ve been hacked.

9. Is your hard drive whirring when you’re not using it?

Your computer might have been infected by malicious software. A lot of us tend to be a little lax about updating operating systems, keeping antivirus up-to-date and paying attention to our computer’s performance. Now would be a good time to fix that. “People get lazy, they don’t change passwords, update passwords, they let antivirus software go,” said Doug Cooke, director of sales engineering at McAfee. “We just have to keep it up.”

10. Protect your credit

In the U.S., identity theft protection services such as credit monitoring are in high demand, and companies that find their customers’ data compromised will offer things like free credit monitoring for a year. Tim Ashby, vice-president of personal solutions at Equifax Canada, recommends consumers take advantage of free credit reporting here.

“In the U.S., you’re entitled under federal legislation to one credit report annually,” he said. “In Canada, you can get a free credit report whenever you want.”

You can also pay for additional services, such as credit monitoring or to set up a fraud alert on your account. With a fraud alert, if anyone tries to get a credit card, mortgage or loan, or otherwise use your identity to get money, you and the potential lender will be alerted.

Better than finding out when the bills start coming in.

Final advice: Relax

While you don’t want to ignore Heartbleed and hope for the best, no one knows yet if hackers infiltrated websites that had the flawed security software. Take precautionary steps but don’t let it keep you awake at night. Don’t panic and click on a link in an email purporting to be from your bank or another account and asking you to change your password because of Heartbleed. The security scare has crooks rushing to take advantage of the panic.

A consumer’s guide to making sure you are not a Heartbleed victim
